Details of VAR-202007-1133

ID

VAR-202007-1133

CVE

CVE-2020-6514

TITLE

Google Chrome Security hole

Trust: 0.6

sources: CNNVD: CNNVD-202007-1004

DESCRIPTION

Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream. Google Chrome is a web browser developed by Google (Google). WebRTC is one of the components that supports browsers for real-time voice or video conversations. A security vulnerability exists in WebRTC in versions prior to Google Chrome 84.0.4147.89. An attacker could exploit this vulnerability to bypass security restrictions. For the stable distribution (buster), these problems have been fixed in version 68.11.0esr-1~deb10u1. We recommend that you upgrade your firefox-esr packages. For the detailed security status of firefox-esr please refer to its security tracker page at: https://security-tracker.debian.org/tracker/firefox-esr Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl8huUkACgkQEMKTtsN8 TjZrWRAAmJKPn+TnXVDcxt9OC/ko2aovs7IotOScCOvjO9Aez+l64cUEOAj4Zxc1 gd/CC/fW/LNudbmLrMKjGft3bFwi/78htATpgcJE5diEjEVlyvgMJiwvwoN+zOO2 1u4hgN6sYiBVnEKBOtS3wA0VGa19tW5mWXWZgtfmEMfuNpz3bUQ8ApQ48M47VdUO JjZbtTP92N8h99Mko3k2Z2xUDimRZ0xvVYXmEQ9lUzQnNpz0yKwSuo/GsjnH3l1n 2Y8ih+m9pCuYfcpXvWtLlQc70koS84MaAzdqYsp1xMpXLHzejDM/e0oDEJppBjwP 0U4qHSbirlwMHn1PSILFsDjYfTwSmFUqvmPb9mcPMnz60xuh6IT+2RUKXekBo263 1uhlHgqd5+hWYuWxQz7FgssJVUzfH2ZzaIoTRTYtTQVJmHeYViWf54AEGP36D6++ I8tNyCVTbDW+114dWjAmkuQ+yVjt0eSb4rqLqwcKxvNT6cCzRRJp2/tSsQCAvFdB dzExvQQMD/t4o+0BUYxani0jJf9DR9N7BoUBQdI0eZNV/mJ1BmDWXJqEpExhilfb 9QlI6oRu/Cw05BpkD1FKeXR+MgMKpi/jubhsYkZQcV9t7C0D/L13DEAqxr4zi4te eLLP/BQ3bl+h71ZHBCYCpbCc+joreguC3Z09IaDYFafewmOACHs= =QMwo -----END PGP SIGNATURE----- . WebRTC: usrsctp is called with pointer as network address When usrsctp is used with a custom transport, an address must be provided to usrsctp_conninput be used as the source and destination address of the incoming packet. WebRTC uses the address of the SctpTransport instance for this value. Unfortunately, this value is often transmitted to the peer, for example to validate signing of the cookie. This could allow an attacker access to the location in memory of the SctpTransport of a peer, bypassing ASLR. To reproduce, place the following code on line 9529 of sctp_output.c. This will output the peer's address to the log: struct sctp_state_cookie cookie2; struct sctp_state_cookie* cookie3; cookie3 = sctp_get_next_param(cookie, 4, &cookie2, sizeof(struct sctp_state_cookie)); LOGE(\"COOKIE INITACK ADDRESS %llx laddress %llx\", *((long long*)cookie3->address), *((long long*)cookie3->address)); Or, view the SCTP packets sent by WebRTC before they are sent to the encryption layer. They are full of pointers. This bug is subject to a 90 day disclosure deadline. After 90 days elapse, the bug report will become visible to the public. The scheduled disclosure date is 2020-Jul-28. Disclosure at an earlier date is possible if agreed upon by all parties. Related CVE Numbers: CVE-2020-6514. Found by: deadbeef@chromium.org . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202101-30 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Qt WebEngine: Multiple vulnerabilities Date: January 26, 2021 Bugs: #734600, #754852 ID: 202101-30 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been found in Qt WebEngine, the worst of which could result in the arbitrary execution of code. Background ========= Library for rendering dynamic web content in Qt5 C++ and QML applications. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-qt/qtwebengine < 5.15.2 >= 5.15.2 Description ========== Multiple vulnerabilities have been discovered in Qt WebEngine. Please review the CVE identifiers referenced below for details. Impact ===== Please review the referenced CVE identifiers for details. Workaround ========= There is no known workaround at this time. Resolution ========= All Qt WebEngine users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">\xdev-qt/qtwebengine-5.15.2" References ========= [ 1 ] CVE-2020-15959 https://nvd.nist.gov/vuln/detail/CVE-2020-15959 [ 2 ] CVE-2020-15959 https://nvd.nist.gov/vuln/detail/CVE-2020-15959 [ 3 ] CVE-2020-15960 https://nvd.nist.gov/vuln/detail/CVE-2020-15960 [ 4 ] CVE-2020-15960 https://nvd.nist.gov/vuln/detail/CVE-2020-15960 [ 5 ] CVE-2020-15961 https://nvd.nist.gov/vuln/detail/CVE-2020-15961 [ 6 ] CVE-2020-15961 https://nvd.nist.gov/vuln/detail/CVE-2020-15961 [ 7 ] CVE-2020-15962 https://nvd.nist.gov/vuln/detail/CVE-2020-15962 [ 8 ] CVE-2020-15962 https://nvd.nist.gov/vuln/detail/CVE-2020-15962 [ 9 ] CVE-2020-15963 https://nvd.nist.gov/vuln/detail/CVE-2020-15963 [ 10 ] CVE-2020-15963 https://nvd.nist.gov/vuln/detail/CVE-2020-15963 [ 11 ] CVE-2020-15964 https://nvd.nist.gov/vuln/detail/CVE-2020-15964 [ 12 ] CVE-2020-15964 https://nvd.nist.gov/vuln/detail/CVE-2020-15964 [ 13 ] CVE-2020-15965 https://nvd.nist.gov/vuln/detail/CVE-2020-15965 [ 14 ] CVE-2020-15965 https://nvd.nist.gov/vuln/detail/CVE-2020-15965 [ 15 ] CVE-2020-15966 https://nvd.nist.gov/vuln/detail/CVE-2020-15966 [ 16 ] CVE-2020-15966 https://nvd.nist.gov/vuln/detail/CVE-2020-15966 [ 17 ] CVE-2020-15968 https://nvd.nist.gov/vuln/detail/CVE-2020-15968 [ 18 ] CVE-2020-15968 https://nvd.nist.gov/vuln/detail/CVE-2020-15968 [ 19 ] CVE-2020-15969 https://nvd.nist.gov/vuln/detail/CVE-2020-15969 [ 20 ] CVE-2020-15969 https://nvd.nist.gov/vuln/detail/CVE-2020-15969 [ 21 ] CVE-2020-15972 https://nvd.nist.gov/vuln/detail/CVE-2020-15972 [ 22 ] CVE-2020-15972 https://nvd.nist.gov/vuln/detail/CVE-2020-15972 [ 23 ] CVE-2020-15974 https://nvd.nist.gov/vuln/detail/CVE-2020-15974 [ 24 ] CVE-2020-15974 https://nvd.nist.gov/vuln/detail/CVE-2020-15974 [ 25 ] CVE-2020-15976 https://nvd.nist.gov/vuln/detail/CVE-2020-15976 [ 26 ] CVE-2020-15976 https://nvd.nist.gov/vuln/detail/CVE-2020-15976 [ 27 ] CVE-2020-15977 https://nvd.nist.gov/vuln/detail/CVE-2020-15977 [ 28 ] CVE-2020-15977 https://nvd.nist.gov/vuln/detail/CVE-2020-15977 [ 29 ] CVE-2020-15978 https://nvd.nist.gov/vuln/detail/CVE-2020-15978 [ 30 ] CVE-2020-15978 https://nvd.nist.gov/vuln/detail/CVE-2020-15978 [ 31 ] CVE-2020-15979 https://nvd.nist.gov/vuln/detail/CVE-2020-15979 [ 32 ] CVE-2020-15979 https://nvd.nist.gov/vuln/detail/CVE-2020-15979 [ 33 ] CVE-2020-15985 https://nvd.nist.gov/vuln/detail/CVE-2020-15985 [ 34 ] CVE-2020-15985 https://nvd.nist.gov/vuln/detail/CVE-2020-15985 [ 35 ] CVE-2020-15987 https://nvd.nist.gov/vuln/detail/CVE-2020-15987 [ 36 ] CVE-2020-15987 https://nvd.nist.gov/vuln/detail/CVE-2020-15987 [ 37 ] CVE-2020-15989 https://nvd.nist.gov/vuln/detail/CVE-2020-15989 [ 38 ] CVE-2020-15989 https://nvd.nist.gov/vuln/detail/CVE-2020-15989 [ 39 ] CVE-2020-15992 https://nvd.nist.gov/vuln/detail/CVE-2020-15992 [ 40 ] CVE-2020-15992 https://nvd.nist.gov/vuln/detail/CVE-2020-15992 [ 41 ] CVE-2020-16001 https://nvd.nist.gov/vuln/detail/CVE-2020-16001 [ 42 ] CVE-2020-16001 https://nvd.nist.gov/vuln/detail/CVE-2020-16001 [ 43 ] CVE-2020-16002 https://nvd.nist.gov/vuln/detail/CVE-2020-16002 [ 44 ] CVE-2020-16002 https://nvd.nist.gov/vuln/detail/CVE-2020-16002 [ 45 ] CVE-2020-16003 https://nvd.nist.gov/vuln/detail/CVE-2020-16003 [ 46 ] CVE-2020-16003 https://nvd.nist.gov/vuln/detail/CVE-2020-16003 [ 47 ] CVE-2020-6467 https://nvd.nist.gov/vuln/detail/CVE-2020-6467 [ 48 ] CVE-2020-6467 https://nvd.nist.gov/vuln/detail/CVE-2020-6467 [ 49 ] CVE-2020-6470 https://nvd.nist.gov/vuln/detail/CVE-2020-6470 [ 50 ] CVE-2020-6470 https://nvd.nist.gov/vuln/detail/CVE-2020-6470 [ 51 ] CVE-2020-6471 https://nvd.nist.gov/vuln/detail/CVE-2020-6471 [ 52 ] CVE-2020-6471 https://nvd.nist.gov/vuln/detail/CVE-2020-6471 [ 53 ] CVE-2020-6472 https://nvd.nist.gov/vuln/detail/CVE-2020-6472 [ 54 ] CVE-2020-6473 https://nvd.nist.gov/vuln/detail/CVE-2020-6473 [ 55 ] CVE-2020-6474 https://nvd.nist.gov/vuln/detail/CVE-2020-6474 [ 56 ] CVE-2020-6475 https://nvd.nist.gov/vuln/detail/CVE-2020-6475 [ 57 ] CVE-2020-6476 https://nvd.nist.gov/vuln/detail/CVE-2020-6476 [ 58 ] CVE-2020-6480 https://nvd.nist.gov/vuln/detail/CVE-2020-6480 [ 59 ] CVE-2020-6481 https://nvd.nist.gov/vuln/detail/CVE-2020-6481 [ 60 ] CVE-2020-6482 https://nvd.nist.gov/vuln/detail/CVE-2020-6482 [ 61 ] CVE-2020-6483 https://nvd.nist.gov/vuln/detail/CVE-2020-6483 [ 62 ] CVE-2020-6486 https://nvd.nist.gov/vuln/detail/CVE-2020-6486 [ 63 ] CVE-2020-6487 https://nvd.nist.gov/vuln/detail/CVE-2020-6487 [ 64 ] CVE-2020-6489 https://nvd.nist.gov/vuln/detail/CVE-2020-6489 [ 65 ] CVE-2020-6490 https://nvd.nist.gov/vuln/detail/CVE-2020-6490 [ 66 ] CVE-2020-6506 https://nvd.nist.gov/vuln/detail/CVE-2020-6506 [ 67 ] CVE-2020-6510 https://nvd.nist.gov/vuln/detail/CVE-2020-6510 [ 68 ] CVE-2020-6511 https://nvd.nist.gov/vuln/detail/CVE-2020-6511 [ 69 ] CVE-2020-6512 https://nvd.nist.gov/vuln/detail/CVE-2020-6512 [ 70 ] CVE-2020-6513 https://nvd.nist.gov/vuln/detail/CVE-2020-6513 [ 71 ] CVE-2020-6514 https://nvd.nist.gov/vuln/detail/CVE-2020-6514 [ 72 ] CVE-2020-6518 https://nvd.nist.gov/vuln/detail/CVE-2020-6518 [ 73 ] CVE-2020-6523 https://nvd.nist.gov/vuln/detail/CVE-2020-6523 [ 74 ] CVE-2020-6524 https://nvd.nist.gov/vuln/detail/CVE-2020-6524 [ 75 ] CVE-2020-6526 https://nvd.nist.gov/vuln/detail/CVE-2020-6526 [ 76 ] CVE-2020-6529 https://nvd.nist.gov/vuln/detail/CVE-2020-6529 [ 77 ] CVE-2020-6530 https://nvd.nist.gov/vuln/detail/CVE-2020-6530 [ 78 ] CVE-2020-6531 https://nvd.nist.gov/vuln/detail/CVE-2020-6531 [ 79 ] CVE-2020-6532 https://nvd.nist.gov/vuln/detail/CVE-2020-6532 [ 80 ] CVE-2020-6533 https://nvd.nist.gov/vuln/detail/CVE-2020-6533 [ 81 ] CVE-2020-6534 https://nvd.nist.gov/vuln/detail/CVE-2020-6534 [ 82 ] CVE-2020-6535 https://nvd.nist.gov/vuln/detail/CVE-2020-6535 [ 83 ] CVE-2020-6540 https://nvd.nist.gov/vuln/detail/CVE-2020-6540 [ 84 ] CVE-2020-6541 https://nvd.nist.gov/vuln/detail/CVE-2020-6541 [ 85 ] CVE-2020-6542 https://nvd.nist.gov/vuln/detail/CVE-2020-6542 [ 86 ] CVE-2020-6543 https://nvd.nist.gov/vuln/detail/CVE-2020-6543 [ 87 ] CVE-2020-6544 https://nvd.nist.gov/vuln/detail/CVE-2020-6544 [ 88 ] CVE-2020-6545 https://nvd.nist.gov/vuln/detail/CVE-2020-6545 [ 89 ] CVE-2020-6548 https://nvd.nist.gov/vuln/detail/CVE-2020-6548 [ 90 ] CVE-2020-6549 https://nvd.nist.gov/vuln/detail/CVE-2020-6549 [ 91 ] CVE-2020-6550 https://nvd.nist.gov/vuln/detail/CVE-2020-6550 [ 92 ] CVE-2020-6551 https://nvd.nist.gov/vuln/detail/CVE-2020-6551 [ 93 ] CVE-2020-6555 https://nvd.nist.gov/vuln/detail/CVE-2020-6555 [ 94 ] CVE-2020-6557 https://nvd.nist.gov/vuln/detail/CVE-2020-6557 [ 95 ] CVE-2020-6559 https://nvd.nist.gov/vuln/detail/CVE-2020-6559 [ 96 ] CVE-2020-6561 https://nvd.nist.gov/vuln/detail/CVE-2020-6561 [ 97 ] CVE-2020-6562 https://nvd.nist.gov/vuln/detail/CVE-2020-6562 [ 98 ] CVE-2020-6569 https://nvd.nist.gov/vuln/detail/CVE-2020-6569 [ 99 ] CVE-2020-6570 https://nvd.nist.gov/vuln/detail/CVE-2020-6570 [ 100 ] CVE-2020-6571 https://nvd.nist.gov/vuln/detail/CVE-2020-6571 [ 101 ] CVE-2020-6573 https://nvd.nist.gov/vuln/detail/CVE-2020-6573 [ 102 ] CVE-2020-6575 https://nvd.nist.gov/vuln/detail/CVE-2020-6575 [ 103 ] CVE-2020-6576 https://nvd.nist.gov/vuln/detail/CVE-2020-6576 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202101-30 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2021 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . 8.1) - ppc64le, x86_64 3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: thunderbird security update Advisory ID: RHSA-2020:3345-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:3345 Issue date: 2020-08-06 CVE Names: CVE-2020-6463 CVE-2020-6514 CVE-2020-15652 CVE-2020-15659 ==================================================================== 1. Summary: An update for thunderbird is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 3. Description: Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.11.0. Security Fix(es): * chromium-browser: Use after free in ANGLE (CVE-2020-6463) * chromium-browser: Inappropriate implementation in WebRTC (CVE-2020-6514) * Mozilla: Potential leak of redirect targets when loading scripts in a worker (CVE-2020-15652) * Mozilla: Memory safety bugs fixed in Firefox 79 and Firefox ESR 68.11 (CVE-2020-15659) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All running instances of Thunderbird must be restarted for the update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1840893 - CVE-2020-6463 chromium-browser: Use after free in ANGLE 1857349 - CVE-2020-6514 chromium-browser: Inappropriate implementation in WebRTC 1861570 - CVE-2020-15652 Mozilla: Potential leak of redirect targets when loading scripts in a worker 1861572 - CVE-2020-15659 Mozilla: Memory safety bugs fixed in Firefox 79 and Firefox ESR 68.11 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: thunderbird-68.11.0-1.el6_10.src.rpm i386: thunderbird-68.11.0-1.el6_10.i686.rpm thunderbird-debuginfo-68.11.0-1.el6_10.i686.rpm x86_64: thunderbird-68.11.0-1.el6_10.x86_64.rpm thunderbird-debuginfo-68.11.0-1.el6_10.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: thunderbird-68.11.0-1.el6_10.src.rpm i386: thunderbird-68.11.0-1.el6_10.i686.rpm thunderbird-debuginfo-68.11.0-1.el6_10.i686.rpm ppc64: thunderbird-68.11.0-1.el6_10.ppc64.rpm thunderbird-debuginfo-68.11.0-1.el6_10.ppc64.rpm s390x: thunderbird-68.11.0-1.el6_10.s390x.rpm thunderbird-debuginfo-68.11.0-1.el6_10.s390x.rpm x86_64: thunderbird-68.11.0-1.el6_10.x86_64.rpm thunderbird-debuginfo-68.11.0-1.el6_10.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: thunderbird-68.11.0-1.el6_10.src.rpm i386: thunderbird-68.11.0-1.el6_10.i686.rpm thunderbird-debuginfo-68.11.0-1.el6_10.i686.rpm x86_64: thunderbird-68.11.0-1.el6_10.x86_64.rpm thunderbird-debuginfo-68.11.0-1.el6_10.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-6463 https://access.redhat.com/security/cve/CVE-2020-6514 https://access.redhat.com/security/cve/CVE-2020-15652 https://access.redhat.com/security/cve/CVE-2020-15659 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXyvRqdzjgjWX9erEAQi6yBAAmpPI3ei7YVCzkppVmO6lhuEQ7ekkZd9D HW86ZmanNw9NgzWiQdXyEKBIexRybfGmAR+hVuPAc/HyHyGP73Mrl9I9ueT6Mn0D su5Q7k4rWE955brUN+SkRv4sTSw7atPXz/M+hhMkFuonnzcrBE2VjH6Bu2wtub/w VAlGKQlGktLyEUtpKq+NPDH5FV33vTwaprrhzBwCTHx35TNVt71YsmS0UP+w/ERU V2VIsbLiqfX29tbUr9PqLD86kwrv9oiKFAAlkpIEyulMk0B9G04+/mI0B9zrS2Il NV/jFU3t+gizbwCkRXg46Vo+3PWiBSe95iROULfDUw+F88fPJMDN3ZHpPyGNGLjo Bg592YWct3IC8U4Pk86/Njy3oZGz+dxPTibwLn6OXY0d2D2nGKl+Joo5gvvNIAfy c65OPXKM+b5DF2vLq24348G4oFKv3z0EWNEnHhpNx0u7WCDsPAevapmQQBRe7PMF OZUHgQptH/ONpE7/V+CoX/oT9Q9EpyBcaDultXklzf8Jzbwi0ak19RydEzv88Zbf Y2JTNW01LvqmfQsQM0WNUcMXjcSU3dzPgRJekCuW6vzXWEqekYTc0rSJlRglbXoE BZ7sJrDwuGlI4QbzvBpsGRv/9ltFA059MQhrWj+feMnEWhWWAhAIcIpDZ/AitROb UOB9OxPc8jQ=Zj/d -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 8.1) - aarch64, ppc64le, s390x, x86_64 3. Description: Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability

Trust: 1.62

sources: NVD: CVE-2020-6514 // VULHUB: VHN-184639 // PACKETSTORM: 168870 // PACKETSTORM: 168897 // PACKETSTORM: 158697 // PACKETSTORM: 161131 // PACKETSTORM: 158786 // PACKETSTORM: 158789 // PACKETSTORM: 158685

AFFECTED PRODUCTS

vendor:	opensuse	model:	backports sle	scope:	eq	version:	15.0	Trust: 1.0
vendor:	apple	model:	watchos	scope:	lt	version:	6.2.8	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	31	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	10.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	20.04	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lt	version:	13.6	Trust: 1.0
vendor:	apple	model:	tvos	scope:	lt	version:	13.4.8	Trust: 1.0
vendor:	apple	model:	ipados	scope:	lt	version:	13.6	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	32	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	18.04	Trust: 1.0
vendor:	opensuse	model:	leap	scope:	eq	version:	15.1	Trust: 1.0
vendor:	google	model:	chrome	scope:	lt	version:	84.0.4147.89	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	opensuse	model:	leap	scope:	eq	version:	15.2	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	16.04	Trust: 1.0
vendor:	apple	model:	safari	scope:	lt	version:	13.1.2	Trust: 1.0

sources: NVD: CVE-2020-6514

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-6514
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-202007-1004
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-184639
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-6514
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-184639
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-6514
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-184639 // CNNVD: CNNVD-202007-1004 // NVD: CVE-2020-6514

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.1

sources: VULHUB: VHN-184639 // NVD: CVE-2020-6514

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202007-1004

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202007-1004

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-184639

PATCH

title:

Google Chrome WebRTC Security vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=125058

Trust: 0.6

sources: CNNVD: CNNVD-202007-1004

EXTERNAL IDS

db:	NVD	id:	CVE-2020-6514	Trust: 2.4
db:	PACKETSTORM	id:	158697	Trust: 1.8
db:	PACKETSTORM	id:	158789	Trust: 0.8
db:	PACKETSTORM	id:	158678	Trust: 0.7
db:	PACKETSTORM	id:	158804	Trust: 0.7
db:	PACKETSTORM	id:	158565	Trust: 0.7
db:	CNNVD	id:	CNNVD-202007-1004	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.2703	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2580	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2743	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2623	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0024	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2640	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2410	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2605	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2851	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2757	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2675	Trust: 0.6
db:	NSFOCUS	id:	50126	Trust: 0.6
db:	PACKETSTORM	id:	158685	Trust: 0.2
db:	PACKETSTORM	id:	158786	Trust: 0.2
db:	PACKETSTORM	id:	158788	Trust: 0.1
db:	PACKETSTORM	id:	158787	Trust: 0.1
db:	PACKETSTORM	id:	158664	Trust: 0.1
db:	PACKETSTORM	id:	158691	Trust: 0.1
db:	PACKETSTORM	id:	158676	Trust: 0.1
db:	PACKETSTORM	id:	158785	Trust: 0.1
db:	PACKETSTORM	id:	158686	Trust: 0.1
db:	PACKETSTORM	id:	158673	Trust: 0.1
db:	CNVD	id:	CNVD-2020-43481	Trust: 0.1
db:	VULHUB	id:	VHN-184639	Trust: 0.1
db:	PACKETSTORM	id:	168870	Trust: 0.1
db:	PACKETSTORM	id:	168897	Trust: 0.1
db:	PACKETSTORM	id:	161131	Trust: 0.1

sources: VULHUB: VHN-184639 // PACKETSTORM: 168870 // PACKETSTORM: 168897 // PACKETSTORM: 158697 // PACKETSTORM: 161131 // PACKETSTORM: 158786 // PACKETSTORM: 158789 // PACKETSTORM: 158685 // CNNVD: CNNVD-202007-1004 // NVD: CVE-2020-6514

REFERENCES

url:	http://packetstormsecurity.com/files/158697/webrtc-usrsctp-incorrect-call.html	Trust: 2.3
url:	https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop.html	Trust: 2.3
url:	https://security.gentoo.org/glsa/202101-30	Trust: 1.8
url:	https://support.apple.com/kb/ht211288	Trust: 1.7
url:	https://support.apple.com/kb/ht211290	Trust: 1.7
url:	https://support.apple.com/kb/ht211291	Trust: 1.7
url:	https://support.apple.com/kb/ht211292	Trust: 1.7
url:	https://www.debian.org/security/2020/dsa-4736	Trust: 1.7
url:	https://www.debian.org/security/2020/dsa-4740	Trust: 1.7
url:	https://www.debian.org/security/2021/dsa-4824	Trust: 1.7
url:	https://security.gentoo.org/glsa/202007-08	Trust: 1.7
url:	https://security.gentoo.org/glsa/202007-64	Trust: 1.7
url:	https://crbug.com/1076703	Trust: 1.7
url:	https://lists.debian.org/debian-lts-announce/2020/07/msg00027.html	Trust: 1.7
url:	https://lists.debian.org/debian-lts-announce/2020/08/msg00006.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00041.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00069.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00008.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00007.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00011.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00018.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00022.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00025.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00032.html	Trust: 1.7
url:	https://usn.ubuntu.com/4443-1/	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6514	Trust: 1.3
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/myidwchg24ztfd4p42d4a4wwppa74bcg/	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/mtrpptkz2rkvh2xgqcwnfz7fogq5llca/	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/myidwchg24ztfd4p42d4a4wwppa74bcg/	Trust: 0.7
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/mtrpptkz2rkvh2xgqcwnfz7fogq5llca/	Trust: 0.7
url:	https://vigilance.fr/vulnerability/chrome-multiple-vulnerabilities-32838	Trust: 0.6
url:	https://vigilance.fr/vulnerability/webrtc-information-disclosure-via-internal-address-leak-32960	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/50126	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2580/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2410/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2640/	Trust: 0.6
url:	https://packetstormsecurity.com/files/158565/gentoo-linux-security-advisory-202007-08.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/158678/red-hat-security-advisory-2020-3241-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2675/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2851/	Trust: 0.6
url:	https://packetstormsecurity.com/files/158789/red-hat-security-advisory-2020-3345-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2743/	Trust: 0.6
url:	https://support.apple.com/en-us/ht211291	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2623/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2703/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0024/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2757/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2605/	Trust: 0.6
url:	https://packetstormsecurity.com/files/158804/red-hat-security-advisory-2020-3377-01.html	Trust: 0.6
url:	https://support.apple.com/en-us/ht211290	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15659	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6463	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15652	Trust: 0.5
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.3
url:	https://access.redhat.com/security/team/contact/	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-15652	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-15659	Trust: 0.3
url:	https://bugzilla.redhat.com/):	Trust: 0.3
url:	https://access.redhat.com/security/team/key/	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-6463	Trust: 0.3
url:	https://access.redhat.com/articles/11258	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-6514	Trust: 0.3
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.3
url:	https://www.debian.org/security/faq	Trust: 0.2
url:	https://www.debian.org/security/	Trust: 0.2
url:	https://security-tracker.debian.org/tracker/firefox-esr	Trust: 0.1
url:	https://security-tracker.debian.org/tracker/thunderbird	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6472	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15966	Trust: 0.1
url:	https://security.gentoo.org/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6506	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6467	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6534	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6545	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6571	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6482	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6532	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6475	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6540	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6470	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6511	Trust: 0.1
url:	https://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6559	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6471	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15972	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6576	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15961	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15977	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-16002	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6573	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15978	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6549	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15965	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6487	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6569	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15992	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6510	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15963	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6551	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6486	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-16001	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15968	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6483	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6490	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15960	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15979	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15989	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-16003	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15987	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6531	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6476	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6480	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6524	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15974	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6548	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6555	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6535	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6550	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6562	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15976	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6543	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6474	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6533	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6523	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15969	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6575	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6542	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15964	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6489	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6526	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6518	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6512	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6481	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6557	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6513	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6544	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15985	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6530	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6473	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15962	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6561	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15959	Trust: 0.1
url:	https://bugs.gentoo.org.	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6570	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6529	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6541	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:3342	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:3345	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:3254	Trust: 0.1
url:	https://www.mozilla.org/en-us/security/advisories/mfsa2020-31/	Trust: 0.1

CREDITS

Natalie Silvanovich of Google Project Zero

Trust: 0.6

sources: CNNVD: CNNVD-202007-1004

SOURCES

db:	VULHUB	id:	VHN-184639
db:	PACKETSTORM	id:	168870
db:	PACKETSTORM	id:	168897
db:	PACKETSTORM	id:	158697
db:	PACKETSTORM	id:	161131
db:	PACKETSTORM	id:	158786
db:	PACKETSTORM	id:	158789
db:	PACKETSTORM	id:	158685
db:	CNNVD	id:	CNNVD-202007-1004
db:	NVD	id:	CVE-2020-6514

LAST UPDATE DATE

2025-05-10T20:24:29.570000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-184639	date:	2021-07-21T00:00:00
db:	CNNVD	id:	CNNVD-202007-1004	date:	2021-11-03T00:00:00
db:	NVD	id:	CVE-2020-6514	date:	2024-11-21T05:35:52.533

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-184639	date:	2020-07-22T00:00:00
db:	PACKETSTORM	id:	168870	date:	2020-07-28T19:12:00
db:	PACKETSTORM	id:	168897	date:	2020-08-02T12:12:00
db:	PACKETSTORM	id:	158697	date:	2020-07-31T22:33:23
db:	PACKETSTORM	id:	161131	date:	2021-01-26T14:27:32
db:	PACKETSTORM	id:	158786	date:	2020-08-06T17:06:31
db:	PACKETSTORM	id:	158789	date:	2020-08-06T17:06:54
db:	PACKETSTORM	id:	158685	date:	2020-07-31T19:38:39
db:	CNNVD	id:	CNNVD-202007-1004	date:	2020-07-14T00:00:00
db:	NVD	id:	CVE-2020-6514	date:	2020-07-22T17:15:13.447